CORRECTED-Connecticut health exchange seeks to help customers after data breach
(Corrects fourth paragraph to 151 social security numbers were found, not information about 151 customers, including names, birth dates and Social Security numbers)
By Richard Weizel
MILFORD, Conn., June 13 (Reuters) - Access Health Connecticut, the state health exchange created for the federal Affordable Care Act known as Obamacare, on Friday gave options to help nearly 400 customers protect themselves after their personal information was compromised last week.
Those options include credit monitoring, fraud resolution services, identity theft insurance, and security freezes of credit reports, said Kathleen Tallarita, government and public affairs outreach manager for Access Health CT.
The exchange "sent a priority-overnight letter to 395 individuals to inform them of the situation, and offer a series of remedies, at no cost to them," she said.
The breach occurred when a backpack containing a notepad with information about customers, including names, birth dates and 151 Social Security numbers, was left by an unidentified Maximus vendor employee outside a downtown Hartford deli, officials for both Maximus and Access Health CT have said.
The backpack was found on June 6 by a man who turned it into his legislator's office the following morning. The Hartford Police Department, working with both Access Health CT and Maximus, is investigating whether the information could have been made accessible to others and potentially used for identity theft.
The employee, placed on administrative leave, was hired in April and violated corporate policy by taking the information out of the office in his personal backpack, both companies said on Friday.
"As an additional level of precaution, we have completed an audit of all computer systems to identify every AHCT customer who had contact with this MAXIMUS employee," Tallarita said.
"The bottom line is that one of our team members made a mistake," said Ilene Baylinson, president of the eastern region for Maximus.
"Removing any personal data from our offices and facilities is strictly prohibited. But we have no reason to believe that any of this information was used for fraudulent purposes," Baylinson said.
State legislators, however, are concerned.
"This disturbing development highlights the concerns we raised three months ago during a hearing that we were afraid something like this might happen," House Republican leader Larry Cafero said in a statement that criticized security protocols. (Editing by Barbara Goldberg and Edith Honan)